Does your organization use VPN for remote access? Top steps to take to secure VPN
Secured VPN Tips
Does your organization still use client VPN for user remote access? This is fine, so long as it is properly secured. At a minimum the following needs to be done:
The firewall must enforce a password policy that forces users to use strong (characters+), complex (upper case, lower case, numbers, special characters) passwords.
The firewall must enforce the use of multi-factor authentication on VPN connections…no exceptions for executives. No exceptions!
Only allow access to the internal resources the user HAS to access. Do not allow access to the entire internal network.
Ensure that all users utilize ONLY devices owned, managed, and secured by the company. This reduces the likelihood that an infection at the user workstation travels across the tunnel onto the local network. Bring Your Own Device (BYOD) or other personally owned devices used to access a corporate network via VPN are ASKING FOR TROUBLE.
When possible, only allow the user remote access to their office desktop via Remote Desktop (RDP).
Prohibit remote users from doing ANY personal browsing, checking personal email, etc. while a VPN tunnel is live. This reduces the probability that their personal email (which is never as secure as their corporate email) damages the corporate environment.
Ensure that, if available, the VPN firewall is using the recommended security policies (e.g. gateway antivirus) on all VPN tunnels.
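The controls above can be checked mechanically against a gateway's exported configuration rather than by eyeballing the admin console. The script below is an added example and not part of the original article: the configuration layout, field names, sample values and the numeric thresholds (minimum password length, how wide a destination prefix counts as "the entire internal network") are all constructed for this illustration and do not correspond to any particular firewall vendor's export format; the article itself gives no numbers, so tune the thresholds to your own policy.

```python
"""Policy-as-code audit of a client-VPN configuration against the controls above.

Added example, not from the original article: the config layout, field names,
thresholds and sample values are constructed for this illustration and do not
match any particular firewall vendor's export.
"""
import ipaddress
import re

# Constructed sample export from a hypothetical VPN gateway (not real data).
SAMPLE_CONFIG = {
    "password_policy": {
        "min_length": 8,
        "require_upper": True,
        "require_lower": True,
        "require_digit": True,
        "require_special": False,
    },
    "mfa": {"required": True, "exempt_groups": ["executives"]},
    "managed_devices_only": False,   # posture check for company-managed devices
    "gateway_av_on_vpn": True,       # gateway antivirus applied to VPN tunnels
    # Per-group access rules; destinations are CIDR prefixes or "any".
    "access_rules": [
        {"group": "finance", "destinations": ["10.10.5.20/32"], "ports": [3389]},
        {"group": "contractors", "destinations": ["any"], "ports": ["any"]},
        {"group": "helpdesk", "destinations": ["10.0.0.0/8"], "ports": [22]},
    ],
}

# Assumed thresholds (the article gives no numbers; tune to your own policy).
ASSUMED_MIN_LENGTH = 12
ASSUMED_MAX_DEST_HOSTS = 256  # a destination wider than a /24 is "too broad"

CHARACTER_CLASSES = {
    "require_upper": r"[A-Z]",
    "require_lower": r"[a-z]",
    "require_digit": r"[0-9]",
    "require_special": r"[^A-Za-z0-9]",
}


def check_password_policy(policy, min_length=ASSUMED_MIN_LENGTH):
    """Control 1: the gateway must enforce length plus all four character classes."""
    findings = []
    if policy.get("min_length", 0) < min_length:
        findings.append(f"password min_length {policy.get('min_length')} < {min_length}")
    for key in CHARACTER_CLASSES:
        if not policy.get(key, False):
            findings.append(f"password policy does not set {key}")
    return findings


def password_meets_policy(password, min_length=ASSUMED_MIN_LENGTH):
    """What the gateway should apply at enrolment/reset: length and all four classes present."""
    if len(password) < min_length:
        return False
    return all(re.search(pattern, password) for pattern in CHARACTER_CLASSES.values())


def check_mfa(mfa):
    """Control 2: MFA on every VPN login, with no exempt groups at all."""
    findings = []
    if not mfa.get("required", False):
        findings.append("MFA is not required on VPN connections")
    for group in mfa.get("exempt_groups", []):
        findings.append(f"MFA exemption exists for group '{group}'")
    return findings


def rule_is_too_broad(rule, max_hosts=ASSUMED_MAX_DEST_HOSTS):
    """Control 3: flag 'any' ports/destinations or a destination prefix wider than max_hosts."""
    if "any" in rule["ports"]:
        return True
    for dest in rule["destinations"]:
        if dest == "any":
            return True
        if ipaddress.ip_network(dest, strict=False).num_addresses > max_hosts:
            return True
    return False


def check_access_rules(rules, max_hosts=ASSUMED_MAX_DEST_HOSTS):
    return [
        f"rule for group '{r['group']}' grants broad access ({r['destinations']}, ports {r['ports']})"
        for r in rules
        if rule_is_too_broad(r, max_hosts)
    ]


def audit(config):
    """Run every check; an empty list means all controls on the page are satisfied."""
    findings = []
    findings += check_password_policy(config["password_policy"])
    findings += check_mfa(config["mfa"])
    findings += check_access_rules(config["access_rules"])
    if not config.get("managed_devices_only", False):       # Control 4: company devices only
        findings.append("VPN accepts connections from unmanaged (BYOD) devices")
    if not config.get("gateway_av_on_vpn", False):          # Control 7: gateway AV on tunnels
        findings.append("gateway antivirus is not applied to VPN tunnels")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the constructed sample, the audit reports six findings: the weak password policy (twice), the executive MFA exemption, the two over-broad access rules, and the missing managed-device requirement. The RDP-only rule for the finance group passes because it names a single host and a single port, which is the "office desktop only" pattern the article recommends.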